Skip to content

Snowflake External OAuth Token

Service Name: Snowflake

Service Description: Snowflake is a cloud-based data warehousing platform that provides a solution for data storage, processing, and analytic solutions. It separates compute from storage to allow customers to scale resources independently.

Service Address: https://www.snowflake.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the network policy level in Snowflake to control which IP addresses can access Snowflake accounts.

Secret Access Scope: Grants programmatic access to Snowflake resources and data through OAuth authentication, allowing applications to interact with Snowflake on behalf of users without requiring direct user credentials.

Secret Revokement URL: https://docs.snowflake.com/en/user-guide/oauth-partner#revoking-consent

Secret Example: eyJhbGciOiJSUzI1NiIsImtpZCI6IjEyMzQ1Njc4OTAiLCJ0eXAiOiJKV1QifQ.eyJzdWIiOiJTTjAxMjM0NTY3ODkwIiwiYXVkIjoiaHR0cHM6Ly9hY2NvdW50LnNub3dmbGFrZWNvbXB1dGluZy5jb20iLCJpc3MiOiJodHRwczovL29hdXRoLnNub3dmbGFrZWNvbXB1dGluZy5jb20iLCJpYXQiOjE2MTIzNDU2NzgsImV4cCI6MTYxMjM0OTI3OH0.Signature

Suspicious Activity Investigation Instructions:

  • Review Snowflake account usage history for unusual query patterns or data access
  • Check login history for access from unusual locations or IP addresses
  • Monitor for large data transfers or exports that are outside normal usage patterns
  • Review OAuth application permissions and connected applications
  • Check for changes to user roles or privileges that might have been made using the token

Mitigation Instructions:

  • Revoke the OAuth token through the Snowflake web interface under Account > Security > OAuth Clients
  • Review and update network policies to restrict access to trusted IP addresses
  • Implement multi-factor authentication for all Snowflake users
  • Rotate any compromised secrets and review all OAuth integrations
  • Consider implementing Snowflake's role-based access control to limit the scope of access for OAuth tokens
  • Update OAuth scopes to provide least-privilege access for applications
  • Enable Snowflake's access history tracking to monitor for suspicious activities